You will need to complete the following configuration settings once you have installed
Specops Password Sync.
Import your license key
Enter your license key in the
Specops Password Sync Administration Tool.
-
Open the
Specops Password Sync Administration Tool.
-
You will prompted to import you license key. Browse to the location of the TXT file, and click Open.
Verify that the Password Change Notifier has been installed on all of your domain controllers.
NOTE
Your domain controllers must be restarted after the installation.
Verify that the certificate(s) used on your Sync Server(s) are trusted by the domain controllers.
Use the Setup Wizard to create a basic configuration
The Setup Wizard in the Administration Tool Welcome page can help you quickly create and configure the basic settings needed to synchronize passwords.
To create a basic configuration, click Setup Wizard.
Create a Sync Scope
Sync Scopes are used to create a basic administration unit for password synchronization. The scope is tied to a level in your Active Directory structure and enables the use of
Specops Password Sync on the user objects beneath the selected level.
In large environments, where user administration takes place in more location, you should create several sync scopes.
- Enter a name for the Sync Scope.
-
Click Browse to select the User Scope of Management.
NOTE
-
The system defaults to assign the domain root as the Scope of Management. You should change the scope of management if you require a narrower selection of users.
-
Password synchronization will occur after group policy settings have been configured for each sync point.
- Click Next.
Configure system wide email settings
You will need to configure the default email settings used by the system to send email. You can override the system wide settings in each sync scope.
-
In the SMTP Server Name field, enter the SMTP Server Name.
-
In the Email Sender Address field, enter the email address from which the system should send emails from.
-
In the Admin Email Address field, enter the administrative email address that will receive emails from the system.
- Click Next.
Create a Sync Point with a Sync Server and Sync Provider
The Sync Points control the settings that are used when a password is synchronized with another system.
You will require one Sync Point for each system you want to synchronize with. You configure several Sync Points to synchronize with the same external system if your organization requires different synchronization settings for different types of users.
The Sync Point also specifies which Sync Server(s) to use for synchronization, allowing you to create separate Sync Points with different server settings for different parts of your organization.
-
From the Sync Server drop box, select the Sync Server you want to use with the Sync Point.
-
From the Provider list, select the Sync Provider you want to use with your Sync Point. The provider is the system you want to synchronize passwords with.
- Click Next.
Configure the provider with synchronization settings
You will need to configure your selected provider with the necessary settings to connect to the remote system and synchronize passwords. The configurable settings will vary between each Sync Provider.
Create a GPO with
Specops Password Sync Settings
Once you have configured the provider with synchronization settings, you can automatically create the GPO in your domain. When you automatically create the GPO, it will be linked to the same level in Active Directory as the Scope of Management selected
for the Sync Scope.
You can also create it manually from the Group Policy Management Console.